Google pays $250K for Linux vulnerability allowing guest VM escapes
Summary
Ars Technica reports on two high-severity Linux vulnerabilities disclosed this week: Januscape, a use-after-free flaw in KVM that could allow a guest VM to escape to the host, and GhostLock, a long-standing use-after-free in the futex priority-inheritance mechanism that can enable root access. Google paid $250,000 for reporting Januscape, and patches have been issued for both flaws. The article emphasizes the need to apply kernel and distribution updates to mitigate risk across affected systems.